/*
 * Copyright 2020-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.oauth2.server.authorization.token;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.util.Assert;

/**
 * An {@link OAuth2TokenGenerator} that simply delegates to it's
 * internal {@code List} of {@link OAuth2TokenGenerator}(s).
 * <p>
 * Each {@link OAuth2TokenGenerator} is given a chance to
 * {@link OAuth2TokenGenerator#generate(OAuth2TokenContext)}
 * with the first {@code non-null} {@link OAuth2Token} being returned.
 *
 * @author Joe Grandja
 * @since 0.2.3
 * @see OAuth2TokenGenerator
 * @see JwtGenerator
 * @see OAuth2RefreshTokenGenerator
 */
public final class DelegatingOAuth2TokenGenerator implements OAuth2TokenGenerator<OAuth2Token> {
	// 3个，JwtGenerator OAuth2AccessTokenGenerator OAuth2RefreshTokenGenerator  三者的区别关键在于里面的tokenValue值，后两者均是96位随机数
	// base64加密生成的字符串 本身没有任何意义  而JwtGenerator的tokenValue值实际上是一个jws,包含头，数据(claim 含有用户信息等)，签名
	private final List<OAuth2TokenGenerator<OAuth2Token>> tokenGenerators;

	/**
	 * Constructs a {@code DelegatingOAuth2TokenGenerator} using the provided parameters.
	 *
	 * @param tokenGenerators an array of {@link OAuth2TokenGenerator}(s)
	 */
	@SafeVarargs
	public DelegatingOAuth2TokenGenerator(OAuth2TokenGenerator<? extends OAuth2Token>... tokenGenerators) {
		Assert.notEmpty(tokenGenerators, "tokenGenerators cannot be empty");
		Assert.noNullElements(tokenGenerators, "tokenGenerator cannot be null");
		this.tokenGenerators = Collections.unmodifiableList(asList(tokenGenerators));
	}
	//JwtGenerator和OAuth2AccessTokenGenerator都有claims(声明信息)，二者的关键区别在于string token值，前者是jwt(里面包含用户等信息)而后者纯粹就是一个随机数生成的字符串而已
	@Nullable
	@Override
	public OAuth2Token generate(OAuth2TokenContext context) {
		for (OAuth2TokenGenerator<OAuth2Token> tokenGenerator : this.tokenGenerators) {
			// accessToken使用JwtGenerator或者OAuth2AccessTokenGenerator主要取决于oauth2_registered_client中的token_settings中的access-token-format属性值
			// 两种方式的区别OAuth2AccessTokenGenerator生成了一个OAuth2AccessTokenClaims对象，里面封装了token值(96随机数 base64编码)，还有生效和失效时间等
			// 而JwtGenerator返回的是Jwt对象里面封装了生效和失效时间 还有token值(是一个jws,实际就是一个SignedJWT序列化之后的字符串，里面包含头，数据:包含用户信息，签名三部分)
			// refreshToken使用OAuth2RefreshTokenGenerator
			// idToken使用JwtGenerator
			OAuth2Token token = tokenGenerator.generate(context);
			if (token != null) {
				return token;
			}
		}
		return null;
	}

	@SuppressWarnings("unchecked")
	private static List<OAuth2TokenGenerator<OAuth2Token>> asList(
			OAuth2TokenGenerator<? extends OAuth2Token>... tokenGenerators) {

		List<OAuth2TokenGenerator<OAuth2Token>> tokenGeneratorList = new ArrayList<>();
		for (OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator : tokenGenerators) {
			tokenGeneratorList.add((OAuth2TokenGenerator<OAuth2Token>) tokenGenerator);
		}
		return tokenGeneratorList;
	}

}
